CamiloCarvajalPensemos commented on issue #32664:
URL: https://github.com/apache/superset/issues/32664#issuecomment-4984859119
I was able to reproduce this issue in Apache Superset 6.1.0.
The database password ends with an asterisk (`*`). The connection URI uses
`%2A`, for example:
```text
postgresql://user:password%2A@host:5432/database
```
Observed behavior:
1. **Test Connection succeeds**.
2. After saving the database, loading schemas fails with:
```text
password authentication failed for user
```
3. The password stored in memory initially contains the trailing `*`, but
after committing and reloading the `Database` model, the trailing `*` is gone.
Shell reproduction:
```python
database.set_sqlalchemy_uri(
"postgresql://user:password%2A@host:5432/database"
)
print(repr(database.password))
# 'password*'
db.session.commit()
db.session.expire_all()
database = db.session.get(Database, database.id)
print(repr(database.password))
# 'password'
```
The cause appears to be the encrypted column implementation:
```python
EncryptedType -> sqlalchemy_utils AesEngine -> NaivePadding
```
`NaivePadding` uses `*` as its padding character and removes padding with:
```python
value.rstrip(b"*")
```
As a result, any legitimate trailing asterisks in the password are removed
during decryption.
A direct test confirms it:
```python
dialect = db.session.bind.dialect
encrypted = col.type.process_bind_param("test*", dialect)
col.type.process_result_value(encrypted, dialect)
# 'test'
```
This makes passwords ending in `*` unusable after the database configuration
is persisted.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]